Authentication using a read-once memory

ABSTRACT

The device comprises a memory ( 10 ) with a first section ( 11 ) and a second section ( 12 ). The second section ( 12 ) can be read only after erasure of the first section ( 11 ). The memory is suitable for authentication purposes, in that the first section ( 11 ) contains a first code part and the second section contains a second code part of an identification code. The device is preferably an semiconductor device and can be integrated in articles and in record carriers.

The invention relates to a system comprising a memory provided with afirst and a second section, each with a number of memory elements, whichmemory is suitable for storing an identification code that is oncereadable for authentication purposes.

The invention also relates to a method of authentifying an article, thatis provided with an identification code stored in a memory, wherein areader compares the identification code in the memory of the system withat least one reference code.

Such a system and such a method are known from U.S. Pat. No. 5,032,708.The known system is a semiconductor device which has awrite-once-read-once memory with fuses as memory elements. The fusesindicate the status of a particular bit in either of two memory arrays,one of which memory arrays is directly readable and one is encrypted. Tocheck the authenticity of the system, a reader generates a random bitsequence, according to which a number of elements of both memory arraysare read. The random bit sequence then determines for each bit read fromthe memory arrays, whether the directly readable or the encrypted bit ispassed on to the reader. Before the data in an element comes availableto the reader, the element and the corresponding element in theencrypted array are destructed. The response is compared to an expectedresponse sequence, that has been supplied to the reader from theencrypted memory array.

It is a disadvantage of the known device that a malicious person canfind out the encryption mechanism by supplying a non-random bit sequenceto the semiconductor device resulting in a systematic comparison of theencrypted array with the directly readable array. This would allow themanufacturing of fake articles while even the authentication procedurestates that the articles are authentic. Alternatively, it would allowaccess to the article (for instance with software) or to a location (forinstance with a swimming pool) multiple times, whereas access is allowedonly once.

It is therefore a first object of the invention to provide a system ofthe kind mentioned in the opening paragraph with an improved memory foridentification and/or authentication purposes.

The first object is realized in that the first section and the secondsection are connected in series with connection means between them, thefirst section being suitable for storing a first code part of theidentification code and the second section being suitable for storing asecond code part of the identification code, and the connection meansprovide access to the second section only if the first code part in thefirst section has been erased.

The invention offers an improved memory for authentication both for thecase of the stand-alone authentication system and for the case of thesystem including a connection to a central database. The insight of theinvention is that in effect a plurality of identification codes can beread out, only one of which will provide the authentication at a certaininstance. In any other non-authenticating read-out either the firstsection or the second section is not accessible. Instead some random orstandard digits will be read out. However, there is only one opportunityfor consecutive reading of the first code part and the second code part,since the second section of the memory can be accessed only aftererasure of the first code part from the first section.

In fact, the memory is not a read-once memory, but a memory with acertain part that can be read only once. This part is the combination ofthe first and second sections of the memory, wherein the identificationcode is to be stored. Both the first and the second sections can beread-once or read-many in itself. In order to increase the security, itis preferred that at least a part of the subsection is read-once.

The system of the invention has—with its memory of which at least somecan be read more often—the advantage in comparison to the prior art,that several persons can do an authentication independently. If forinstance the first section of the memory can be read more often, areseller can assess whether the products to be sold are original orcounterfeited products. He can do so, without obtaining the completeidentification code, and thus, without using the authenticate-oncemeasure. The difference between the reading of the first section onlyand the authentication may be made through an algorithm supplied by thereader. Besides, a consumer can check the authenticity independently aswell, through the use of the second section of the memory. Both thereseller and the consumer can get a reference code via the internet. Thereseller may also be provided a list with reference codes. A system toenable contact to an information database, for instance a specific pageon the internet, with the help of a transponder, is known from WO-A01/26320.

At the same time, the system of the invention offers advantages to aproducer of an authentic product or an owner of a service as well. Firstof all, the independent authentication by several persons—e.g. thereseller and the customer—allows the authentic producer of a product toget knowledge about the customers. Secondly, the fact that not thecomplete identification code is destroyed offers the possibility toestablish a connection between the semiconductor device (and hence theuser) and a central database of the authentic producer or service owner,after the first authentic use of the semiconductor device. For instance,if a piece of software is installed at a second instance, the secondportion may establish a connection to the database of the softwareproducer, providing the computer address. A message can be returnedstating that further use is not allowed or only after additionalpayment, or stating that a new version of the software is available.

In a first embodiment of the system of the invention the first code partin the first section can be read once only and the second code part inthe second section can be read more often. The system has the advantage,that a consumer can be the first one to do a read-out. It is forinstance advantageous if the system is used as a security for one-timeusuable goods or data, such as software or credits, for example fortelephone cards. With this embodiment, the second section can be usedfor a separate identification procedure. Preferably the system isencorporated in a semiconductor device and comprises an antenna Such asemiconductor device with antenna is also known as an transponder.

In a second embodiment of the system, the first code part in the firstsection can be read more often and the second code part in the secondsection can be read once, and the memory comprises a third section, thatis accessible only after the first code part in the first section hasbeen erased and that can be read more often. In this embodiment thefirst section can be read more often, and also the second set of memoryelements of the second section can be read more often. This embodimentis suitable for the provision of a triple authorisation.

A further version of this embodiment is that the memory is for thelargest part a read-many memory, and that the first and second sectionare integrated therein. If then the second section contains read-onceelements, instead of the first section, the read-once memory is hiddeneffectively: only if the reader is provided with a signal to start theauthenticating reading, the second section will be entered. Before that,it is not visible.

This further version has as a first advantage that it is more difficultto trace the read-once memory. It is a second advantage that theread-once memory may be used as an additional security feature. Such amemory is well suited to check a specific use of articles that arewidespread available, as for instance banknotes or other securitydocuments. Dependent on a signal from the reader the first code part maybe erased from the first section to enable reading of the data in thesecond and third section. If for instance the signal is given after acertain moment of time, all banknotes that are read out will have theidentification code with the second section. Thus it can be identifiedhow long a banknote has not circulated in the normal circuit.Alternatively, this could be used as an additional security feature,since the type of identification codes used changes suddenly.

The system of the invention can be any kind of system comprising amemory.

Basically, the system can be a single device incorporating memory andconnection means. A preferred example thereof is a semiconductor device.In this case the connection means are any type of switch, wherein theposition of the switch is dependent on input from the first section, inparticular on the status of at least some of the memory elementsthereof. In a preferred embodiment, the connection means comprise anAND-function. As any skilled person will understand, the AND-functionmay also be implemented with NAND-structures.

It is advantageous if an antenna is present to communicate contactlesslywith a reader. The semiconductor device and the antenna may be designedso as to form a transponder. This transponder, per se known by theskilled person, can be operated without a battery. Transponders can beprovided in the form of labels, or can be integrated in articles. Sucharticles can be of various shape, function and art.

A first type of articles comprises articles that are counterfeited verymuch. Such articles usually carry a well-known trademark and examplesare for instance clothes, perfume, shoes, watches, consumer electronicsand the like.

A second type of articles consists of those of which a consumer cannotsee at the outside whether they are valid, or which should be consideredas coupons with which an account can be uploaded. Examples include cardswith which a prepaid account of a mobile telephone can be increased.

A third type of articles consists of those articles that could be usedmore often, but of which it is not allowed to use them more often. Anexample is a software license. A preferred example thereof is that thearticle is a record carrier with the information that is to be read onlyafter authentication with the identification code, the semiconductordevice being present in or on the record carrier. The integration of asemiconductor device in a record carrier is known per se, for examplefrom WO-A 02/25582.

A fourth type of articles comprises articles that circulate very muchand of which an authority in the field of the articles, would like todetect specific types of use or misuse, although the holder of thearticle is unknown. Examples are for instance banknotes, passports andother security documents. The memory of the system of this type ofarticles comprises a zeroth section and a third section each containinginformation different from the identification code, the zeroth sectionbeing accessible before the first code part has been erased and thethird section being only accessible after the first code part has beenerased.

A fifth type of articles are smart cards. The memory of thesemiconductor device thereof contains financial data or other datarelated to a specified person. The semiconductor device is in such anapplication preferably provided with bond pads, which allow access tothe semiconductor device from contacts or an antenna at the smartcard.At the same time, the bond pads allow probing. This gives to a hacker orany other malicious person a relatively easy access to the data on thesmartcard. By using the invention for the semiconductor device in asmart card, this can be prevented. Access will be given to the secondsection of the memory when the bond pads are probed. At the same time,the first code part will be erased. This has as results that the smartcard is not valid anymore due to said erasure, and that the hacker isprovided with an identification code that is not the correct code. Thesecond and third section of the memory will contain only fake data.Further on, use of a smartcard that has been probed will be tracedautomatically once a contact is established between the semiconductordevice in the smartcard and any central database.

In another embodiment of the system of the invention, it comprises atleast two separate objects. Therein, the memory is provided in a recordcarrier, the first and the second section thereof having each a positionon the record carrier, the record carrier being provided withinformation that is to be read only after authentication with theidentification code. The connection means comprise an index of therecord carrier indicating the positions of the first and second section,and the connection means comprise a microprocessor that is present in areader for the record carrier to allow reading and erasure of the firstand second sections.

In this embodiment, the connection means comprise an index, since thefirst and second sections of the memory will be present anywhere in thememory. Preferably they are spread over the memory. Contrarily to amemory in a semiconductor device, a record carrier—a record carrier withan optically readable memory in particular—is accessible at manylocations on the memory. In order to read parts of the memory it is notnecessary to enter the memory through an entrance unit. It should thusbe prevented that the read-once part of the memory is skipped. By meansof spreading the sections, the chance of skipping them becomeneglegible. This is in particular the case, if a plurality of sectionsis present. Examples of record carriers include a record carrier havingan optically readable memory; a magnetic hard-disc; a memory integratedcircuit.

The record carrier is for example an optical disc for storage and/orrecording purposes, such as the CD, CD-ROM and DVD-RW. A problem,especially with record carriers that comprise contents, is that thesecontents should not be copied unauthorized. Thus, if any customer buysonly one license, he should be able to use the contents of the recordcarrier only once. The system of the invention provides means to ensurethat the record carrier is read only once, or another limited numberequal to the licenses provided. It further may be used to ensure thatthe record carrier is used for one reader only.

It is a second object of the invention to provide a method of the kinddescribed in the opening paragraph with an improved and simpleauthentication procedure.

The second object is realized in that the reader compares theidentification code with the reference code, comprising the steps of:

reading the first code part from the first section of the memory of thesystem of the invention and storing it;

erasing the first code part;

reading the second code part from the second section of the memory;

constructing the identification code from the first and the second codepart;

comparing the identification code with the at least one reference code;and

authentifying the article only, if the identification code and thereference code correspond.

In the method of the invention, use is made of the system of theinvention to check the status of the article. The term ‘status’ is meanttherein to include the status of a user's rights to the article and orto any information on the record carrier. This is especially ofimportance with respect to software and other digital data on a recordcarrier, for which a user has acquired a single license only. The termis also meant to include the status of the article, i.e. whether thearticle is unused and/or valid. This is for instance important withrespect to telephone cards and like items, that can be used once, and ofwhich the validity cannot be checked in a visible manner. The term isfurther meant to include the authenticity of the article, i.e. whetheran article indicated with a trademark originates from the trademarkowner.

With the method of the invention, an improved resistance is offeredagainst illegal use or copying of data, articles, designs and the like.In fact the status of the article or record carrier can be checkeddirectly. Further on, if the status is not correct, a measure can betaken immediately, i.e. not giving access to available information, orgiving the information to the customer enabling him to reject thearticle.

The information regarding the status of the article or the recordcarrier may be stored, for example in the reader or eventually in thetransponder. Further on, it may be transferred to a central database,optionally including information about the legal or illegal use. Also,the status of the article may be shown to the customer or user invarious manners, including the display of a message or a color signal.Alternatively, a signal may be shown only in the cases, wherein thestatus is not approved.

In an advantageous embodiment a substitute code is provided in thememory of the system after erasure of the first code part, thesubstitute code being an encrypted version of the first code of whichthe encryption is dependent on the reader. This embodiment is especiallysuitable, if the article to be protected is a record carrier withcontents that are meant to be used by a single user only. The substitutecode identifies the reader. After the provision of such a substitutecode, the record carrier will operate only in connection with thespecific reader.

For example: a customer that has acquired a record carrier, loads thecontents thereof in a memory of the reader. Such a reader is for examplea personal computer, or a digital video disc player. While loading thecontents, the first code is read by the reader and stored in its memory.The first code in the memory at the record carrier is then erased and athird code is stored therein. This third code is an encrypted version ofthe first code, of which the encryption is preferably based on anidentification number of the reader. The second code can only giveaccess to the contents in combination with the first code. Thus, onlythe reader having the first code can get access to the contents. Such amethod is preferably used with a transponder integrated in a recordcarrier.

These and other aspects of the semiconductor device, the transponder,the article and the methods of the invention will be further elucidatedwith reference to the drawings, in which:

FIG. 1 shows a schematic diagram of a first embodiment of the memory ofthe semiconductor device;

FIG. 2 shows a detail of FIG. 1

FIG. 3 shows a schematic diagram of a second embodiment of the memory ofthe semiconductor device in a first state;

FIG. 4 shows a schematic diagram of a second embodiment of the memory ofthe semiconductor device in a second state;

FIG. 5 shows a schematic diagram of a third embodiment the memory of thesemiconductor device; and

The figures are schematical in nature and disclose only embodiments.Modifications and variations within the scope of the present applicationwill come to the mind of the skilled person easily. The same referencenumbers are used in the various figures for the same or similar parts.

FIG. 1 shows a first embodiment of the memory 10 of the device of theinvention, in particular a semiconductor device. The memory 10 comprisesa sequencer 30, a read control unit 50, a non-volatile memory unit 60, aserial memory unit 70 and a multiplexer 40. The non-volatile memory unit60 can be divided into a first section 11 and a second section 12. It isconnected via bidirectional busses to the serial memory unit 70.

The memory works as follows: a clock signal 21 is received by thesequencer 30, together with two input signals 31,32. These signals21,31,32 generally originate from the card reader. The input signals31,32 may be bits and are used as control code. The sequencer 30, whichis based on a clock counter, generates a number of internal controlsignals 33,34, 37,39 that are needed to carry out the writing of anidentification code into the first and second sections 11,12 of thememory; the reading out of the first code part from the first section11; and the destruction of the first code part and the reading out ofthe second code part from the second section 12.

In order that the memory works adequate, it must be write-once at leastpartially. This is realized in the combination of the Read Control 50and the consecutive AND-structure 51. The Read Control 50 is fed withtwo control signals: the write/read control signal 34 and the write-oncecontrol signal 33. The same write/read control signal 34 is fed to theAND-structure 51 as well. If the write/read control signal 34 stateswriting and the write-once control signal 33 is positive as well, thenthe Read Control 50 will have a high output signal to the AND-structure51, unless certain conditions. In this case the AND-structure has twohigh-input signals 34,35, and the output signal 36 of the AND-structurecan give the order ‘write’.

Under certain conditions the Read-Control 50 will have a low outputsignal to the AND-structure 51 anyway, therewith explicitly forbiddingthe writing of the memory unit 60. This conditions are that a one-timeprogrammable write/read bit present in the Read-Control is programmed toreading. A more elaborate embodiment of the Read Control 50 will bediscussed with reference to FIG. 2.

FIG. 2 shows an example of the Read Control 50. It comprises anAND-structure, and further a NMOS transistor 54, a low resistance fuse52 and a high resistance 53. The structure is present between aV_(DD)-line 56 and a V_(SS)-line 55. If any of the input signals33,34—e.g. the write-once control signal 33 and the write/read controlsignal 34—is low, the NMOS transistor 54 is off and the output signal 35is pulled high by the resistance 52. If both input signals 33,34 arehigh, the NMOS transistor 54 pulls a high current down from V_(DD). Thecurrent passes through the low resistance or fuse 52, blowing it. Afterthe fuse 52 has been blown, the output signal 35 is always kept low bythe pull down resistance 53.

Returning to FIG. 1, we will discuss the non-volatile memory unit 60.The non-volatile memory unit 60 includes the first section 11 that is inthis embodiment meant to contain a public code, and the second section12 that is in this embodiment meant to contain a secret code. The memoryunit 60 further includes means to upload or download its contents. Onasserting an erase signal 38 from the sequencer 30 to the non-volatilememory unit 60, the first section 11 contains N_(p) bits can be erased.This erasure can be done irrespectively from the state of the W/R-bit.The memory unit 60 preferably has an intrinsically write-oncearchitecture like a fuse or ROM bank. The erasure operation isequivalent to blowing or programming all cells of the first section 11.

The serial memory unit 70 is N bits long, wherein N is larger thanN_(p). The serial memory unit 70 allows writing and reading data from asingle contact; in the case that the semiconductor device with thememory 10 is contained in a smartcard, this single contact may be asingle pin. The serial memory unit 70 is connected to the non-volatilememory unit 60 so that the data stored in the serial memory unit 70 canbe (in parallel) uploaded to the first and second sections 11,12 of thememory unit 60. Alternatively, depending on suitable control signals 39,the data in the memory unit 60 can be downloaded to the serial memoryunit 70. This first section 11 that is to be erased, is connected to theN_(p) bits of the serial memory unit 70 that are closer to the output23. In order to shift in or out the data 41 from or to the externalworld, the serial memory unit 70 needs a clock signal 21, that isprovided through the sequencer 30.

The three data operations—writing, reading of the public code andreading of the secret code will be discussed in more detail in thefollowing:

writing: The external control signals 31,32 tell the sequencer 30 thatthe identification code must be written in the non-volatile memory unit60. The sequencer 30 connects via the bi-directional multiplexer 40 theinput 25 of the serial memory unit 70 to the input/output data pin 41.Using the clock signal 21, which the sequencer 30 passes to the serialmemory unit 70, the two codes are written in the sequential memory oneafter the other, the public code first. After N clock cycles, when allthe bits of the code were transferred to the serial memory unit 70, thesequencer 30 stops passing the clock to the serial memory unit 70, setsthe W signal high and uploads the content of the serial memory unit 70to the first and second sections 11,12 of the memory unit 60. Theuploading does not need an external clock, and is effected by sending acontrol signal 39 to the busses between the serial and the non-volatilememory units 60,70. After a certain delay, which ensures a correctupload of the non-volatile memory unit 60, the sequencer 30 sets highthe write-once control signal 33, and the non-volatile memory unit 60 isprevented from further writing, with the mechanism described above.

reading the public code: The external control signals 31,32 tell thesequencer 30 that the public code must be read out. The sequencer 30connects the output of the serial memory 25 to the input/output pin 41via the multiplexer 40. The content of the non-volatile memory unit 60is downloaded to the serial memory unit 70. This operation does not needan external clock. When the serial memory unit 70 contains the publicand secret code, the data are shifted out, starting with the publiccode, at the pace given by the external clock. After the sequencer 30counts Np clock cycles all the P code is sent out, and the sequencer 30stops sending clocks to the serial memory unit 70. In this way only theP code is unveiled.

reading the secret code: The external control signals 31,32 tell thesequencer 30 that the secret code must be read out. The sequencer 30sends out the ERASE signal 38 and destroys the public code contained inthe first section 11 of the memory unit 60 containing Np bits. Thesequencer 30 then starts the same downloading procedure described withreference to the reading of the public code. This means that in theserial memory unit 70 the public code will now be all ones. The serialmemory output 23 is again connected to the input/output data pin 41 viathe multiplexer 40. At the pace of the external clock, the content ofthe serial memory unit 70 is shifted out the memory 10. Its first Npbits will be all ones, the following Ns bits are the secret code that isnow unveiled.

FIG. 3 shows a schematic diagram of a second embodiment of the memory 10of the semiconductor device, that is in a first state. The memory 10 ofthis embodiment is operated similarly to the memory 10 of FIG. 1. Inthis figure, only the serial memory—divided into parts 71 and 72—andcorresponding sections 11,12 of the memory unit 60 are shown. The memory10 comprises a first section 11 and a second section 12, clock signalinputs 21,22, outputs 23,24 to a reader, input 25 of the serial memory70, and connection blocks 26,27. The first section 11 is in this exampleread-once, whereas the second section 12 is read-many. Before the serialmemory parts 71,72 can be read out, the data must be loaded from thecorresponding first and second section 11,12. The connection blocks26,27 are AND-elements and further preferably include a flip-flop tosynchronize the signals from the memory elements in the serial memoryparts 71,72. In order to assure that signals are received the one afterthe other by the reader, any kind of—not-shown—switch is present eitherafter the memory to switch between outputs 23,24 or before the clocksignal inputs 21,22, to provide a desired delay to the signal input 22.

After loading the serial memory parts 71,72, an input 25 will be sent tothe first section 11 by the (not-shown) multiplexer 40. At the same timea clock signal provided via input 21 to the individual memory elements111–114 of the serial memory part 71. These memory elements 111–114 willprovide their contents to the output 23. After being erased, the memoryelements 111–114 will provide their contents to connection block 26 aswell. Only if all elements 111–114 are being erased, the connectionblock 26 will provide a signal “one” to a second connection block 27. Inthis block 27, the signal from clock signal input 22 will be handled tothe second serial memory part 72 only if the signal from connectionblock 26 is one. Then the second serial memory part 72 can be read. Theidentification code being read is in this example 10100110, and it willprovide the requested authentication.

After having read the data of the second section 12, the contents of thememory 10 can be read again. This is shown in FIG. 4. In this case, theidentification code will be 11110110. This identification code can beprogrammed that no access to an article is given. However, if connectedto a central database, the identification code can at the same timeprovide a connection for an independent contact between the authenticproducer of the sold good and the customer that has bought the good.

FIG. 5 shows a third embodiment of the memory 10. In this figure onlythe sections 11,12 of the memory unit and the serial memory parts71,72,73 are shown. The operation of the memory 10 is in essence furtherequal to the memory 10 of FIG. 1. In this embodiment the first section11 is read many, and the second section 12 contains a first set 13 ofmemory elements, and a second set 14 of memory elements. The first set13 is read-once, whereas the second set 14 is read-many. The connectionblocks 26,27 are connected slightly different in comparison with thefirst embodiment, and are now embodied as AND-elements. The connectionblock 26 will only provide a signal, if all inputs to the block are high(‘1’). The inputs of connection block come from the memory elements111,112 and 114 only. This means that the status of memory element 113is not relevant for the access to the second section 12. Also, it is notnecessary that this memory element 113 is erased. The connection block27 will provide an output 24 if the input from connection block 26 ishigh (‘1’).

Before access to the second section 12, the identification code beingread out will be 1000 0000 0000. When getting access to the secondsection 12 for the first time, the identification code will be 1000 00110110. Thereafter, the identification code will be 1101 1111 0110,or—depending on the specific programming of the first section 11—11111111 0110. These three codes can give access in different ways.Alternatively, the code 1101 1111 0110 may be used as a newidentification code for an article such as a bank note, which originallyhad the code 1000 0000 0000.

As will be understood, the invention can be embodied in various ways. Ifthe memory is in a semiconductor device, the first and second section ofthe memory can be connected through one AND-element or a hierarchy ofAND-elements. The read-once memory may be implemented with fuses.However, also any other type of non-volatile memory can be used, such asDRAM, MRAM, shift registers and the like. If the first section of thememory is read-many a signal is necessary with which data of the firstsection are erased, so as to enable reading of the second section. Thissignal is for instance a pulse originating from the reader. Preferably,a clock signal is sent a plurality of times to the read-once memory,which plurality corresponds to the plurality of memory elements in thefirst and the second section. If the second section is not accessible,blank or random digits can be produced. The clock signal can begenerated on the transponder, but is preferably generated in the reader.

Further on, it is not necessary, that the identification code is alwaysdivided in the same way over the first and the second section of thememory. Also, the length of the second section does not need to be equalto that of the first section, as is necessary in the prior art memory.In case that the second portion of the memory is not accessed, it can besubstituted by an equal number of standard or randomly chosen digits.These digits may vary from one semiconductor device to another. Hence,it will not or not easily become clear to a malicious person, what isthe length of the first section and what is the length of the secondsection. In order to increase the security of the memory of theinvention, the identification code may be provided such that differentdecryption methods are necessary for reading of the first and the secondsection of the memory.

Summarizing, the system, embodied in a device, of the inventioncomprises a memory with a first section and a second section. The secondsection can be read only after erasure of the first section. The memoryis suitable for authentication purposes, in that the first sectioncontains a first code part and the second section contains a second codepart of an identification code. The device is preferably ansemiconductor device and can be integrated in articles and in recordcarriers.

1. A system comprising: a memory that includes a first and a secondsection, a sequencer that is configured to provide read-access to thefirst and second sections, wherein: the first section is configured tostore a first code part of an identification code, the second section isconfigured to store a second code part of the identification code, andthe sequencer is configured to provide access to the second section onlyif the first code part in the first section has been erased from thememory.
 2. The system of claim 1, wherein the first code part in thefirst section is configured to be read once only and the second codepart in the second section is configured to be read more than once. 3.The system of claim 1, wherein: the first code part in the first sectionis configured to be read more than once, the second code part in thesecond section is configured to be read only once, the memory includes athird section that is configured to be read more than once, and thesequencer is configured to provide access to the third section onlyafter the first code part in the first section has been erased.
 4. Thesystem of claim 1, wherein the memory and the sequencer are incorporatedin a semiconductor device.
 5. The system of claim 1, including anantenna that is configured to communicate contactlessly with a reader.6. The system of claim 1, including a record carrier provided withinformation that is to be read only after an authentication based on theidentification code.
 7. The system of claim 1, wherein: the systemincludes a carrier, and the memory includes a zeroth section and a thirdsection, each containing information different from the identificationcode, the zeroth section being accessible before the first code part hasbeen erased and the third section being only accessible after the firstcode part has been erased.
 8. The system of claim 1, wherein: the memoryis provided in a record carrier, the first and the second sectionthereof having each a position on the record carrier, the record carrierbeing provided with information that is to be read only afterauthentication with the identification code, the sequencer includes: anindex of the record carrier indicating the positions of the first andsecond section, and a microprocessor that is present in a reader for therecord carrier and is configured to allow reading and erasure of thefirst and second sections.
 9. The system of claim 8, wherein the indexis present on the record carrier in an encrypted format, and themicroprocessor is configured to decrypt the index.
 10. The system ofclaim 1, including a shift register that is configured to couple thememory to an output of the system.
 11. The system of claim 10, whereinthe sequencer is configured to load the first and second sections to theshift register, so as to provide the first and second sections to theoutput in series.